Command Injection Vulnerability in Netgear Router Products
CVE-2024-54807
9.8CRITICAL
Summary
A command injection vulnerability exists in the UPNP service of the Netgear WNR854T router, particularly in the addmap_exec function. This function improperly processes the NewInternalClient parameter from the AddPortMapping SOAPAction. By sending a specifically crafted SOAPAction request, an attacker can execute arbitrary commands on the router, compromising the device's integrity and potentially the entire network. Mitigating this vulnerability is essential to ensure the security of users’ networks.
References
CVSS V3.1
Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved